Multi-tenancy - Temporal feature
Multi-tenancy in Temporal operates at two levels:
Namespace isolation
Namespaces are Temporal's unit of isolation, providing logical separation for multi-tenant deployments in both open source Temporal and Temporal Cloud.
Open source Temporal
Namespaces in self-hosted Temporal provide:
- Workflow ID uniqueness: Temporal guarantees unique Workflow IDs within a Namespace. Different Namespaces can have Workflows with the same ID without conflict.
- Resource isolation: Traffic from one Namespace does not impact other Namespaces on the same Temporal Service.
- Configuration boundaries: Settings like Retention Period and Archival destination are configured per Namespace.
- Access control: Use a custom Authorizer on your Frontend Service to restrict who can access each Namespace.
- Inter-namespace communication: Use Nexus for controlled communication between Namespaces.
Temporal Cloud
Temporal Cloud builds on these capabilities with additional isolation guarantees:
- Independent authentication via API keys or mTLS certificates
- Built-in role-based access controls without custom Authorizer configuration
- Separate rate limits to prevent noisy neighbor problems
- High availability replication across regions
Application multi-tenancy
Many organizations use Temporal to power their own multi-tenant SaaS applications, isolating their customers' workloads using Task Queues, Search Attributes, and Worker design patterns.
See the multi-tenant application patterns guide for detailed recommendations on architecting multi-tenant applications with Temporal.